<?php
	
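	/**
	 * Build the HTML "pay now" button for a BestPay order.
	 *
	 * Flow, as implemented below:
	 *   1. Register the order with the BestPay order endpoint (MD5 "MAC" over
	 *      merchant id, order sequence, request sequence, time and merchant key).
	 *   2. Fetch the gateway's RSA public key and key index.
	 *   3. Sign the payment parameters, encrypt them with a one-off AES key,
	 *      encrypt that AES key with the fetched RSA key, and emit a button that
	 *      redirects the browser to the gateway with the encrypted payload.
	 *
	 * The encrypted payload contains MERCHANTPWD, so its confidentiality rests on
	 * (a) the AES key being unpredictable and (b) the RSA public key really coming
	 * from the gateway. Both are enforced here: the key comes from a CSPRNG and
	 * TLS certificate/host verification is enabled on both HTTPS calls.
	 *
	 * @param array $order   Reads 'order_sn', 'add_time' and 'order_amount'.
	 * @param array $payment Reads 'bestpay_account', 'bestpay_pwd' and 'bestpay_key'.
	 * @return string HTML for the pay button, or "<div></div>" when any step fails.
	 */
	function generate_pay_button($order, $payment)
	{
		$MerchantPwd = $payment['bestpay_pwd'];
		$URL = "https://capi.bestpay.com.cn";

		// Returned unchanged on every failure path, so no half-built button is shown.
		$button = "<div></div>";

		// step 1: generate order
		$orderseq = $order['order_sn'];
		$orderdate = local_date('Ymd', $order['add_time']);
		// mt_rand() only adds a uniqueness suffix here; it is not used as a secret.
		$ordereqtranseq = $order['order_sn'] . 'a' . gmtime() . mt_rand(1000, 9999);
		$subject = "商品描述";
		// round() before the cast: 19.99 * 100 evaluates to 1998.999..., which a bare
		// (int) cast would truncate to 1998 and under-charge by one unit.
		$order_amount = (int) round(((float) $order['order_amount']) * 100);

		$time = local_date('YmdHis', $order['add_time']);

		// NOTE(review): MD5 with an appended key is what this request format uses
		// (see SIGNTYPE below); it is not a modern MAC. Presumably mandated by the
		// gateway - confirm whether a stronger signature type is offered.
		$mac = 'MERCHANTID=' . $payment['bestpay_account']
			. '&ORDERSEQ=' . $orderseq
			. '&ORDERREQTRANSEQ=' . $ordereqtranseq
			. '&ORDERREQTIME=' . $time
			. '&KEY=' . $payment['bestpay_key'];
		$mac = strtoupper(md5($mac));

		$order_params = array(
			'MERCHANTID' => $payment['bestpay_account'],
			'SUBMERCHANTID' => '',
			'ORDERSEQ' => $orderseq,
			'ORDERREQTRANSEQ' => $ordereqtranseq,
			'ORDERREQTIME' => "$time",
			'TRANSCODE' => '01',
			'ORDERAMT' => "$order_amount",
			'ORDERCCY' => 'RMB',
			'SERVICECODE' => '05',
			'PRODUCTID' => '04',
			'PRODUCTDESC' => $subject,
			'requestSystem' => '1',
			'MAC' => $mac
		);

		$paramsJoined = array();
		foreach ($order_params as $param => $value) {
			$paramsJoined[] = "$param=$value";
		}
		$paramData = implode('&', $paramsJoined);

		$ch = curl_init();
		curl_setopt_array($ch, array(
			CURLOPT_URL            => "https://webpaywg.bestpay.com.cn/order.action",
			CURLOPT_POST           => 1,
			// Verify the certificate chain and that it matches the host name.
			// With these off, anyone on the network path can read the order data
			// and forge the "order accepted" reply.
			CURLOPT_SSL_VERIFYPEER => true,
			CURLOPT_SSL_VERIFYHOST => 2,
			CURLOPT_RETURNTRANSFER => 1,
			CURLOPT_POSTFIELDS     => $paramData
		));

		$data = curl_exec($ch);
		curl_close($ch);

		// curl_exec() yields false on transport/TLS failure; that also lands here.
		if ($data !== "00&手机客户端下单成功") {
			return $button;
		}

		// step 2: fetch the public key
		$params = array(
			'keyIndex' => '',
			'encryKey' => '',
			'encryStr' => '',
			'interCode' => 'INTER.SYSTEM.001'
		);
		$paramData = json_encode($params);

		$ch = curl_init();
		$header = array('Content-Type: application/json');
		curl_setopt_array($ch, array(
			CURLOPT_URL            => $URL . "/common/interface",
			CURLOPT_HTTPHEADER     => $header,
			CURLOPT_POST           => 1,
			// The key returned by this call wraps the AES key that protects
			// MERCHANTPWD. Without verification an on-path attacker can hand back
			// their own public key and decrypt the whole payload.
			CURLOPT_SSL_VERIFYPEER => true,
			CURLOPT_SSL_VERIFYHOST => 2,
			CURLOPT_RETURNTRANSFER => 1,
			CURLOPT_POSTFIELDS     => $paramData
		));

		$data = curl_exec($ch);
		curl_close($ch);

		if (!is_string($data)) {
			return $button;
		}

		$res_arr = json_decode($data, true);
		if (!is_array($res_arr) || empty($res_arr['success'])) {
			return $button;
		}
		if (!isset($res_arr['result']['keyIndex'], $res_arr['result']['pubKey'])) {
			return $button;
		}

		$keyIndex = $res_arr['result']['keyIndex'];
		$pubKey = $res_arr['result']['pubKey'];
		if (!is_scalar($keyIndex) || !is_string($pubKey)) {
			return $button;
		}

		// NOTE(review): both URLs below look like integration placeholders. The
		// back URL points at loopback, which a remote gateway cannot reach, so
		// server-side payment notifications would never arrive - confirm and move
		// to configuration. It is part of the signed data, so change both arrays
		// together.
		$pay_params = array(
			'SERVICE' => 'mobile.securitypay.pay',
			'MERCHANTID' => $payment['bestpay_account'],
			'MERCHANTPWD' => $MerchantPwd,
			'BEFOREMERCHANTURL' => "http://www.baidu.com",
			'BACKMERCHANTURL' => "http://127.0.0.1:8040/wapBgNotice.action",
			'ORDERSEQ' => $orderseq,
			'ORDERREQTRANSEQ' => $ordereqtranseq,
			'ORDERTIME' => "$time",
			'CURTYPE' => 'RMB',
			'ORDERAMOUNT' => $order['order_amount'],
			'SUBJECT' => $subject,
			'PRODUCTID' => '04',
			'SIGNTYPE' => 'MD5',
			'PRODUCTDESC' => $subject,
			'PRODUCTAMOUNT' => $order['order_amount'],
			'ATTACHAMOUNT' => '0',
			'CUSTOMERID' => '1',
			'BUSITYPE' => '04',
			'SWTICHACC' => 'false'
		);

		$paramsJoined = array();
		foreach ($pay_params as $param => $value) {
			$paramsJoined[] = "$param=$value";
		}
		$pay_paramData = implode('&', $paramsJoined);

		// Fields covered by the signature, in the order they are hashed; the
		// merchant key is appended last and is never sent in the payload itself.
		$sign_params = array(
			'SERVICE' => 'mobile.securitypay.pay',
			'MERCHANTID' => $payment['bestpay_account'],
			'MERCHANTPWD' => $MerchantPwd,
			'SUBMERCHANTID' => '',
			'BACKMERCHANTURL' => "http://127.0.0.1:8040/wapBgNotice.action",
			'ORDERSEQ' => $orderseq,
			'ORDERREQTRANSEQ' => $ordereqtranseq,
			'ORDERTIME' => "$time",
			'ORDERVALIDITYTIME' => '',
			'CURTYPE' => 'RMB',
			'ORDERAMOUNT' => $order['order_amount'],
			'SUBJECT' => $subject,
			'PRODUCTID' => '04',
			'PRODUCTDESC' => $subject,
			'CUSTOMERID' => '1',
			'SWTICHACC' => 'false',
			'KEY' => $payment['bestpay_key']
		);

		$paramsJoined = array();
		foreach ($sign_params as $param => $value) {
			$paramsJoined[] = "$param=$value";
		}
		$sign_paramData = implode('&', $paramsJoined);

		$sign = strtoupper(md5($sign_paramData));
		$pay_paramData .= "&SIGN=" . $sign;

		// One-off AES key. md5(mt_rand()) had at most 32 bits of entropy from a
		// predictable generator, so the payload (including MERCHANTPWD) could be
		// brute-forced. Draw 128 bits from a CSPRNG instead and keep the same
		// 32-character lowercase-hex form the previous md5() call produced.
		// Fail closed when no secure source is available.
		if (function_exists('random_bytes')) {
			try {
				$random_key = bin2hex(random_bytes(16));
			} catch (Exception $e) {
				return $button;
			}
		} elseif (function_exists('openssl_random_pseudo_bytes')) {
			$strong = false;
			$raw = openssl_random_pseudo_bytes(16, $strong);
			if ($raw === false || !$strong) {
				return $button;
			}
			$random_key = bin2hex($raw);
		} else {
			return $button;
		}

		$cipher = new Crypt_AES();
		$cipher->setKey($random_key);
		$crypttext = base64_encode($cipher->encrypt($pay_paramData));

		$rsa = new Crypt_RSA();
		// Do not encrypt under a key that failed to parse.
		if (!$rsa->loadKey($pubKey)) {
			return $button;
		}

		// NOTE(review): PKCS#1 v1.5 padding is presumably what the gateway
		// expects - confirm before changing the mode.
		$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
		$encrypted = base64_encode($rsa->encrypt($random_key));

		// keyIndex comes from the remote response and ends up inside a JavaScript
		// string in an HTML attribute, so percent-encode it: that removes quotes
		// and backslashes that could otherwise break out of the string.
		$webUrl = $URL . "/gateway.pay?platform=wap_3.0&encryStr=" . $crypttext
			. "&keyIndex=" . rawurlencode((string) $keyIndex)
			. "&encryKey=" . $encrypted;
		// Base64 "+" would be read as a space by query-string decoding.
		$webUrl = str_replace("+", "%2B", $webUrl);

		// HTML-escape for the attribute context ("&" becomes "&amp;", which the
		// browser decodes back before the handler runs).
		$button = '<input type="button" onclick="javascript:window.location.href=\''
			. htmlspecialchars($webUrl, ENT_QUOTES, 'UTF-8')
			. '\'" value="立即支付" />';

		return $button;
	}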

?>